• • Information about your card, including your 16-digit payment card number, which is also known as a personal account number or “PAN”; an associated non-financial identifier known as a payment account reference or “PAR” token; and expiration date, service code, PIN verification data and CVV.

• • Information about your transactions, including the date, time, location and amount of the transaction and information about the merchant. This may also include item-level data in some cases, and billing and shipping information.
• Relationship Information: includes information about your shopping and payment preferences and other information that may help us provide you with personalized content, such as:
  • Demographic information, such as age range and marital or family status.
  • Likelihood that you may be interested in certain purchases or experience life events and other propensity scores; and

• • Social network profile data and information about your interests.
• Interaction information: this includes information about your interactions with Visa, such as:

• • Information collected when you participate in promotions or programs, such as rewards program account information.

• • Card benefit program information, including qualification data and related records.

• • Information collected when you communicate with us, for example, if you contact our customer service.

• • Visitor logs;
  • Information collected when you attend Visa-sponsored events, such as travel-related information for you and your companions gathered at the events; and

• • Other information you provide to us, such as data collected for consumer authentication (e.g., passwords or account security questions).

• Biometric identifiers: this may include facial recognition data, fingerprints, keystroke time, scroll position and behavioural data or other physical patterns, such as when you choose to use biometric authentication with Visa or its customers.

• Business customer data: this includes information about your role within your company, your authorization to use products or services and your authority to place orders; customer/supplier qualification details; and other data you share with us linked to the relationship.

• Inferred and derived information: We infer and derive data elements by analyzing our relationship and transactional information. For example, we may generate propensities, attributes and/or scores for marketing, security or fraud purposes.

• Online and Technical Information: This includes information about your interactions with our websites, applications or advertisements, including IP address, device identifiers, settings, features, advertising identification, browsing history, web server logs, server logs, activity logs, keystroke times and other information collected through cookies and similar technologies.

• Audio and visual information: this includes audio, electronic, visual or similar information relating to your interactions with us, including photographs, video images, CCTV recordings, call center recordings, call monitoring records and voicemails.

• Government-issued identification numbers: this includes social security number, driver’s license number, passport number and other government-issued identifiers that may be necessary for compliance or given the nature of the relationship.

• Geolocation information: this may include precise geolocation information, which we may automatically collect from your mobile device if you choose to allow us to collect it.
• Professional and employment information: this includes professional or employment-related information for employees and prospective employees, including applicant data and resumes, such as educational and employment background; information about job qualifications, such as skills and credentials; career interests and goals; information collected for employee qualifications, such as right-to-work documentation; and references.
• Compliance data: this includes records maintained to demonstrate compliance with applicable laws; records related to consumer preferences, such as their choices to opt-in and opt-out of marketing programs; and records related to requests for data subjects’ rights.
  
  
  

Some of the Personal Information in these categories may be considered Sensitive Personal Information in some jurisdictions.

c. Sources of personal information

We may collect Personal Information about you from a variety of sources, depending on our relationship and interaction with you. These sources may include:

• Financial institutions, payment card issuers, merchants, acquirers and others.

• Other third party vendors, including data aggregators, social media companies and other publicly available sources. In addition, Professional and Employment Information may be collected from your references and from outside vendors who assist us in conducting internal investigations and background checks, and Business Customer Data may be collected from your employer, trade show and conference organizers, and professional services companies.
  
  
  

d. Without prior authorization

 AS·NET may process personal data without prior authorization of the holder in all cases in which such data is of a public nature. That is to say, all data collected through Public Records or documents of public use, shall not require authorization from the holder for its processing. The foregoing in accordance with the provisions of Article 10 of Law 1581 of 2012.

e. With prior authorization

 Apart from the data collected through the provision of services, AS·NET collects and processes other personal data different and necessary for the fulfillment of other functions proper to its nature and objectives.

PURPOSES OF THE PROCESSING OF PERSONAL DATA

 The purposes for which the personal data of natural persons who have or have had some kind of relationship with AS·NET may be processed are listed below:

• • Execution of the contract signed with AS·NET, as client, supplier and/or collaborator.
  • Payment of contractual obligations.
  • Sending information to governmental or judicial entities at their express request.
  • Support in external/internal audit processes.
  • Sending/receiving messages for commercial, advertising and/or customer service purposes.
  • Registration of the information of candidates, clients, employees and/or suppliers in the Company’s databases.
  • Contact with candidates, clients, employees or suppliers to send information related to the contractual, commercial or obligatory relationship that takes place.
  • Fulfillment of the duties that AS·NET has as responsible for the information and personal data.
  • For security or fraud prevention purposes.
  • To provide you with effective customer service.
  • Any other purpose resulting from the development of the contract or the relationship between the owner of the data and AS·NET.

And all those purposes that are specified prior to the time of data collection.

RIGHTS OF THE OWNERS

• 
  
  • Know, update and rectify your personal data.
  • To revoke the authorization granted for the processing of your personal data.
  • Request the deletion of your personal data.
  • Request proof of the authorization granted.
  • Be informed about the use given to your data.
  • File complaints before the Superintendence of Industry and Commerce (SIC) for infringements to the provisions of the Personal Data Protection Law once the consultation or complaint process before AS·NET has been exhausted.
  • Access free of charge to your personal data being processed.

TRANSFER OF PERSONAL DATA TO THIRD PARTIES

 AS·NET may transfer your personal data to third parties with whom it has an operational relationship that provide services necessary for its proper functioning, or in accordance with the functions established in the Law. In such cases, we inform you that AS·NET shall adopt the necessary measures so that the persons who have access to your personal data comply with the PO-Privacy and Personal Data Processing Policy_SIPO-04 adopted by AS·NET.

MODIFICATIONS TO THE PRIVACY NOTICE

Any modification to this Notice will be notified to you through any of the following means: A written communication sent to your address or delivered to AS·NET; a message sent to your e-mail or cell phone; a message made known through the web page http://www.asnetla.com/ or any electronic means you use to carry out transactions with AS·NET; or, through notices published in the different communication channels.

INFORMATION SECURITY

AS·NET has adopted the technological, legal and procedural measures possible and necessary for the protection of your personal data, in order to guarantee the attributes of confidentiality, authenticity, integrity and availability of the information. For further information about the treatment of your personal data, you may contact us by e-mail at sgsi@asnetla.com.

Remember that AS·NET has collected personal data from its customers that are necessary for the proper performance of its functions. For this reason, our customers should be aware that, in order to provide them with our services, their personal data are required, which will be treated with the utmost care. Consequently, the request for deletion of personal data and the revocation of the authorization for the processing of personal data F-Authorization for the Processing of Personal Data_SIF-04 shall not proceed when the Holder of such data has a legal or contractual duty to remain in the database and/or files of AS·NET, nor while the relationship between the Holder and the Company, by virtue of which the data were collected, is still in force. When the request to update, rectify or delete the personal data or revoke the authorization granted for processing, the form F-Request to Exercise the Rights of the Personal Data Holder_SIF-48 must be filled out and sent, which may be requested by sending an e- mail to sgsi@asnetla.com.

REQUIREMENT

 If you require more information to know our personal data processing policy and the substantial changes that occur in it, please consult here.

If you wish to submit a query, claim or request for information related to the protection of personal data, you may contact us by e-mail atsgsi@asnetla.com or by phone at (57 -1) 58011800 EXT. 1059 or at the Main Office, Carrera 49ª No. 91-31 La Castellana. Bogotá,
D.C. Colombia.